muskrat/vendor/github.com/gotd/td/internal/crypto/cipher_decrypt.go

package crypto

import (
	"crypto/aes"

	"github.com/go-faster/errors"

	"github.com/gotd/ige"

	"github.com/gotd/td/bin"
)

// DecryptFromBuffer decodes EncryptedMessage and decrypts it.
func (c Cipher) DecryptFromBuffer(k AuthKey, buf *bin.Buffer) (*EncryptedMessageData, error) {
	msg := &EncryptedMessage{}
	// Because we assume that buffer is valid during decrypting, we able to
	// use DecodeWithoutCopy and do not allocate inner buffer for EncryptedMessage.
	if err := msg.DecodeWithoutCopy(buf); err != nil {
		return nil, err
	}

	return c.Decrypt(k, msg)
}

// Decrypt decrypts data from encrypted message using AES-IGE.
func (c Cipher) Decrypt(k AuthKey, encrypted *EncryptedMessage) (*EncryptedMessageData, error) {
	plaintext, err := c.decryptMessage(k, encrypted)
	if err != nil {
		return nil, err
	}

	side := c.encryptSide.DecryptSide()
	// Checking SHA256 hash value of msg_key
	msgKey := MessageKey(k.Value, plaintext, side)
	if msgKey != encrypted.MsgKey {
		return nil, errors.New("msg_key is invalid")
	}

	msg := &EncryptedMessageData{}
	// Notice: do not re-use plaintext, because we use DecodeWithoutCopy, it references
	// original buffer.
	if err := msg.DecodeWithoutCopy(&bin.Buffer{Buf: plaintext}); err != nil {
		return nil, err
	}

	{
		// Checking that padding of decrypted message is not too big.
		const maxPadding = 1024
		n := int(msg.MessageDataLen)
		paddingLen := len(msg.MessageDataWithPadding) - n

		switch {
		case n < 0:
			return nil, errors.Errorf("message length is invalid: %d less than zero", n)
		case n%4 != 0:
			return nil, errors.Errorf("message length is invalid: %d is not divisible by 4", n)
		case paddingLen > maxPadding:
			return nil, errors.Errorf("padding %d of message is too big", paddingLen)
		}
	}

	return msg, nil
}

// decryptMessage decrypts data from encrypted message using AES-IGE.
func (c Cipher) decryptMessage(k AuthKey, encrypted *EncryptedMessage) ([]byte, error) {
	if k.ID != encrypted.AuthKeyID {
		return nil, errors.New("unknown auth key id")
	}
	if len(encrypted.EncryptedData)%16 != 0 {
		return nil, errors.New("invalid encrypted data padding")
	}

	key, iv := Keys(k.Value, encrypted.MsgKey, c.encryptSide.DecryptSide())
	cipher, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(encrypted.EncryptedData))
	ige.DecryptBlocks(cipher, iv[:], plaintext, encrypted.EncryptedData)

	return plaintext, nil
}
go mod tidy && go mod vendor 3 years ago			`package crypto`

			`import (`
			`"crypto/aes"`

			`"github.com/go-faster/errors"`

			`"github.com/gotd/ige"`

			`"github.com/gotd/td/bin"`
			`)`

			`// DecryptFromBuffer decodes EncryptedMessage and decrypts it.`
			`func (c Cipher) DecryptFromBuffer(k AuthKey, buf bin.Buffer) (EncryptedMessageData, error) {`
			`msg := &EncryptedMessage{}`
			`// Because we assume that buffer is valid during decrypting, we able to`
			`// use DecodeWithoutCopy and do not allocate inner buffer for EncryptedMessage.`
			`if err := msg.DecodeWithoutCopy(buf); err != nil {`
			`return nil, err`
			`}`

			`return c.Decrypt(k, msg)`
			`}`

			`// Decrypt decrypts data from encrypted message using AES-IGE.`
			`func (c Cipher) Decrypt(k AuthKey, encrypted EncryptedMessage) (EncryptedMessageData, error) {`
			`plaintext, err := c.decryptMessage(k, encrypted)`
			`if err != nil {`
			`return nil, err`
			`}`

			`side := c.encryptSide.DecryptSide()`
			`// Checking SHA256 hash value of msg_key`
			`msgKey := MessageKey(k.Value, plaintext, side)`
			`if msgKey != encrypted.MsgKey {`
			`return nil, errors.New("msg_key is invalid")`
			`}`

			`msg := &EncryptedMessageData{}`
			`// Notice: do not re-use plaintext, because we use DecodeWithoutCopy, it references`
			`// original buffer.`
			`if err := msg.DecodeWithoutCopy(&bin.Buffer{Buf: plaintext}); err != nil {`
			`return nil, err`
			`}`

			`{`
			`// Checking that padding of decrypted message is not too big.`
			`const maxPadding = 1024`
			`n := int(msg.MessageDataLen)`
			`paddingLen := len(msg.MessageDataWithPadding) - n`

			`switch {`
			`case n < 0:`
			`return nil, errors.Errorf("message length is invalid: %d less than zero", n)`
			`case n%4 != 0:`
			`return nil, errors.Errorf("message length is invalid: %d is not divisible by 4", n)`
			`case paddingLen > maxPadding:`
			`return nil, errors.Errorf("padding %d of message is too big", paddingLen)`
			`}`
			`}`

			`return msg, nil`
			`}`

			`// decryptMessage decrypts data from encrypted message using AES-IGE.`
			`func (c Cipher) decryptMessage(k AuthKey, encrypted *EncryptedMessage) ([]byte, error) {`
			`if k.ID != encrypted.AuthKeyID {`
			`return nil, errors.New("unknown auth key id")`
			`}`
			`if len(encrypted.EncryptedData)%16 != 0 {`
			`return nil, errors.New("invalid encrypted data padding")`
			`}`

			`key, iv := Keys(k.Value, encrypted.MsgKey, c.encryptSide.DecryptSide())`
			`cipher, err := aes.NewCipher(key[:])`
			`if err != nil {`
			`return nil, err`
			`}`
			`plaintext := make([]byte, len(encrypted.EncryptedData))`
			`ige.DecryptBlocks(cipher, iv[:], plaintext, encrypted.EncryptedData)`

			`return plaintext, nil`
			`}`